When planning a Configuration Manager 2012 environment it is wise to also plan the anti-virus scan exclusions for the servers. Adding exclusions to your anti-virus solution will give you a better performance, since the online access scanner will not scan every logfile or file in the Configuration Manager inbox folders. Based on the Configuration Manager 2007 blog of the ConfigMgr Team with the knowledge of Configuration Manager 2012 I created the exclusion list below, feel free to supply information if you are missing something.

I did not include the standard Windows and SQL Server exclusions. You can find these here at the Technet Wiki.

For the configuration manager clients the following exclusion can be added:

%windir%ccmcache

Please leave a message if you think something is missing or needs to be changed!

Update 7-7-2012: When using System Center Endpoint Protection you can use the out of the box template (SCEP12_Default_CfgMgr2012.xml) located %Program Files%\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates.

In the template the following folders and filetypes are excluded:

%allusersprofile%\NTUser.pol

%systemroot%\system32\GroupPolicy\Machine\registry.pol (update 30/1/2014; in the Template \Machine\ is left out, thanks to Kim Oppalfens)

%windir%\Security\database\*.chk

%windir%\Security\database\*.edb

%windir%\Security\database\*.jrs

%windir%\Security\database\*.log

%windir%\Security\database\*.sdb

%windir%\SoftwareDistribution\Datastore\Datastore.edb

%windir%\Software\Distribution\Datastore\Logs\edb.chk

%windir%\Software\Distribution\Datastore\Logs\edb*.log

%windir%\Software\Distribution\Datastore\Logs\Edbres00001.jrs

%windir%\Software\Distribution\Datastore\Logs\Edbres00002.jrs

%windir%\Software\Distribution\Datastore\Logs\Res1.log

%windir%\Software\Distribution\Datastore\Logs\Res2.log

%windir%\Software\Distribution\Datastore\Logs\tmp.edb

for the next folders both “Program Files” and “Program Files x86” paths are listed:

For the clients, I think the ccmsetup folder should be added into the exclusion list. Otherwise the ccmsetup.log will show “Failed to copy C:\Windows\ccmsetup\ccmsetup.cab.download to C:\Windows\ccmsetup\ccmsetup.cab”

Technical Consultant and Enterprise Client Management (Configuration Manager/Microsoft Intune/Enterprise Mobility Suite) MVP with Microsoft partner IT-Concern with a primary focus on the System Center Suite and Microsoft Exchange. Writing blogs and sharing his knowlegde on ConfigMgrBlog.com.
Also one of the founders and leads of the Windows Management User Group Netherlands.

Peter tries to speak every year on several events like TechDays Netherlands, ExpertsLive BriForum, Midwest Management Summit and in 2013 Peter had the honor to speak at TechEd Australia and TechEd New Zealand. See more here.